Revision 225f86af
Added by Reid Linnemann over 3 years ago
| src/etc/inc/captiveportal.inc | ||
|---|---|---|
| 586 | 586 |
|
| 587 | 587 |
$cprules = <<<EOD |
| 588 | 588 |
{$flush_rule}
|
| 589 |
# Allow traffic that's been passed by layer2
|
|
| 590 |
add 999 allow tagged 1
|
|
| 589 |
# Allow all layer3 so the chain is only evaluated once at layer 2
|
|
| 590 |
add 999 allow all from any to any not layer2
|
|
| 591 | 591 |
|
| 592 | 592 |
# Table with interfaces that have CP enabled |
| 593 | 593 |
table cp_ifaces create type iface valtype skipto |
| ... | ... | |
| 689 | 689 |
$rulenum = $skipto; |
| 690 | 690 |
$cprules .= "table {$cpzone}_pipe_mac create type mac valtype pipe\n";
|
| 691 | 691 |
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
|
| 692 |
"pipe tablearg tag 1 MAC table({$cpzone}_pipe_mac)");
|
|
| 692 |
"pipe tablearg MAC table({$cpzone}_pipe_mac)");
|
|
| 693 | 693 |
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
|
| 694 | 694 |
"allow pfsync from any to any"); |
| 695 | 695 |
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
|
| ... | ... | |
| 741 | 741 |
$cprules .= "table {$cpzone}_auth_down create type addr valtype pipe\n";
|
| 742 | 742 |
} |
| 743 | 743 |
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
|
| 744 |
"pipe tablearg tag 1 ip from table({$cpzone}_auth_up) to any layer2 in");
|
|
| 744 |
"pipe tablearg ip from table({$cpzone}_auth_up) to any in");
|
|
| 745 | 745 |
$cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
|
| 746 |
"pipe tablearg tag 1 ip from any to table({$cpzone}_auth_down) layer2 out");
|
|
| 746 |
"pipe tablearg ip from any to table({$cpzone}_auth_down) out");
|
|
| 747 | 747 |
|
| 748 | 748 |
if (!empty($config['captiveportal'][$cpzone]['listenporthttp'])) {
|
| 749 | 749 |
$listenporthttp = $config['captiveportal'][$cpzone]['listenporthttp']; |
Also available in: Unified diff
Modify CP rules to work on 22.01/2.6.0. Fixes #12834